mirror of
https://github.com/kovidgoyal/kitty
synced 2026-07-16 21:45:03 +02:00
Fix insufficient sanitization of safe strings in file transfer protocol
Change the spec to restrict safe strings further to avoid such bugs in other implementations. Reported by Edwin Hoffman.
This commit is contained in:
@@ -87,7 +87,9 @@ Detailed list of changes
|
||||
|
||||
- macOS: Fix window shadows not being drawn for transparent windows (:iss:`2827`, :pull:`6416`)
|
||||
|
||||
- Do not echo invalid DECRQSS queries back, behavior inherited from xterm (CVE-2008-2383)
|
||||
- Do not echo invalid DECRQSS queries back, behavior inherited from xterm (CVE-2008-2383). Similarly, fix an echo
|
||||
bug in the file transfer protocol due to insufficient sanitization of safe strings.
|
||||
|
||||
|
||||
0.28.1 [2023-04-21]
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
@@ -508,7 +508,7 @@ enum
|
||||
ac=file
|
||||
|
||||
safe_string
|
||||
A string consisting only of characters from the set ``[0-9a-zA-Z_:.,/!@#$%^&*()[]{}~`?"'\\|=+-]``
|
||||
A string consisting only of characters from the set ``[0-9a-zA-Z_:./@-]``
|
||||
Note that the semi-colon is missing from this set.
|
||||
|
||||
integer
|
||||
|
||||
Reference in New Issue
Block a user